<!doctype html>
<html lang="en" itemscope itemtype="http://schema.org/Person">
<head>
            <meta charset="utf-8">
        <!-- Site Meta Data -->
        <title>[Original] How an unregistered domain got our China Telecom IP blocked</title>
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <meta name="description" content="Tech blog covering Java/PHP/Python/Javascript and more: talking about programming, life, current events and raising kids">
        <meta name="keywords" content="coding experience,tech sharing,life notes,commentary on current events">
        <meta name="author" content="布丁缘">

        <link rel="shortcut icon" href="">

        <link href='https://fonts.googleapis.com/css?family=Open+Sans:400,600,700' rel='stylesheet' type='text/css'>
        <!-- Style Meta Data -->
        <link rel="stylesheet" href="https://www.ddkiss.com/theme/css/style.css" type="text/css"/>
        <link rel="stylesheet" href="https://www.ddkiss.com/theme/css/pygments.css" type="text/css"/>

        <!-- Feed Meta Data -->
            <link href="https://www.ddkiss.com/feeds/all.atom.xml" type="application/atom+xml" rel="alternate"
                  title="A Programmer's Simple Life ATOM Feed"/>


</head>

<body>
<!-- Sidebar -->

<!-- Content -->
<article>
    <section id="content">
        <article>
            <h2 class="post_title post_detail"><a href="https://www.ddkiss.com/archives/27.html" rel="bookmark"
                                                  title="Permalink to [Original] How an unregistered domain got our China Telecom IP blocked">[Original] How an unregistered domain got our China Telecom IP blocked</a></h2>

            <div class="post_list">
                <span>Author: </span><a href="https://www.ddkiss.com/author/bu-ding-yuan.html">布丁缘</a>
                <span class="post_category">Category: <a href="https://www.ddkiss.com/category/kai-fa-huan-jing.html" rel="bookmark"
                                               title="Permalink to Development Environment">Development Environment</a></span>
                <span class="post_date">  Time: 2017-09-25 17:56:00</span>

            </div>
            <div class="entry-content blog-post">
                <h2>Background</h2>
<p>This week one of the China Telecom IPs in our data centre suddenly became unreachable. The data centre staff investigated for a long time and in the end concluded that the most likely cause was a domain with no ICP filing (备案) having been pointed at our server, with the server returning content for it (something other than a 404); the communications administration (管局) spotted it and blocked the IP outright. So how do I confirm that the IP really has been blocked, rather than the host itself being down? Run tracepath or traceroute against the blocked IP and, for comparison, against a working IP in the same block: the hop at which the two paths stop agreeing is where the traffic is being dropped.</p>
<h2>Tracepath results compared</h2>
<h3>1. Path to a working IP (expected result)</h3>
<div class="highlight"><pre><span></span>[root@myos ~]# tracepath 15.94.213.144
 1?: [LOCALHOST]                                         pmtu 1500
 1:  no reply
 2:  11.209.216.181                                        1.379ms asymm  1
 3:  11.220.170.81                                         6.916ms asymm  2
 4:  11.220.159.26                                         1.409ms asymm  3
 5:  no reply
 6:  116.251.113.197                                       3.470ms asymm  5
 7:  180.163.38.81                                         7.363ms asymm  6
 8:  101.95.208.77                                         6.200ms asymm  7
 9:  101.95.207.241                                       10.361ms asymm  8
10:  no reply
11:  no reply
12:  113.96.4.66                                          28.649ms asymm 10
13:  183.60.112.54                                        57.804ms asymm 11
14:  113.108.218.206                                      35.668ms asymm 12
15:  14.29.88.90                                          29.401ms asymm 13
16:  no reply
17:  no reply
     Too many hops: pmtu 1500
     Resume: pmtu 1500
</pre></div>


<p><font color=#8B0000 face="黑体">Note: hop 9 is in Shanghai Telecom; by hop 12 the path has crossed into Guangzhou Telecom.</font></p>
<h3>2. Path to the blocked IP</h3>
<div class="highlight"><pre><span></span>[root@myos ~]# tracepath 15.94.213.134
 1?: [LOCALHOST]                                         pmtu 1500
 1:  no reply
 2:  11.209.216.177                                        1.863ms asymm  1
 3:  11.220.170.101                                        5.748ms asymm  2
 4:  11.220.159.54                                         1.399ms asymm  3
 5:  no reply
 6:  42.120.241.33                                         3.471ms asymm  5
 7:  101.95.211.121                                        3.054ms
 8:  101.95.209.73                                         5.125ms asymm  7
 9:  124.74.166.121                                        6.958ms asymm  8
10:  no reply
11:  no reply
     Too many hops: pmtu 1500
     Resume: pmtu 1500
</pre></div>


<p><font color=#8B0000 face="黑体">Note: after reaching Shanghai Telecom at hop 9, nothing ever comes back, so the packets are being dropped at Shanghai Telecom. Two silent hops by themselves prove nothing, since hops 10 and 11 do not answer on the working path either; the difference is that the working path answers again at hop 12 while this one never does.</font></p>
<h2>Traceroute results compared</h2>
<h3>1. Path to a working IP (expected result)</h3>
<div class="highlight"><pre><span></span>[root@myos ~]# traceroute 15.94.213.144
traceroute to 15.94.213.144 (15.94.213.144), 30 hops max, 60 byte packets
 1  * * *
 2  11.209.220.177 (11.209.220.177)  1.990 ms 11.209.216.177 (11.209.216.177)  2.752 ms 11.209.216.181 (11.209.216.181)  2.020 ms
 3  11.220.170.197 (11.220.170.197)  5.702 ms 11.220.170.229 (11.220.170.229)  5.858 ms 11.220.170.85 (11.220.170.85)  5.871 ms
 4  11.220.159.58 (11.220.159.58)  2.038 ms 11.220.159.50 (11.220.159.50)  2.070 ms 11.220.159.22 (11.220.159.22)  2.306 ms
 5  106.11.75.121 (106.11.75.121)  3.814 ms 116.251.106.157 (116.251.106.157)  2.930 ms  2.878 ms
 6  42.120.241.29 (42.120.241.29)  2.674 ms 116.251.113.193 (116.251.113.193)  3.027 ms 42.120.241.21 (42.120.241.21)  3.372 ms
 7  * 101.95.211.125 (101.95.211.125)  2.639 ms *
 8  101.95.208.77 (101.95.208.77)  6.265 ms * *
 9  101.95.207.93 (101.95.207.93)  4.280 ms 101.95.206.1 (101.95.206.1)  4.643 ms 124.74.166.137 (124.74.166.137)  12.276 ms
10  * * *
11  * * *
12  113.96.4.66 (113.96.4.66)  34.678 ms  34.182 ms 113.96.4.54 (113.96.4.54)  35.958 ms
13  183.60.112.54 (183.60.112.54)  28.029 ms  27.128 ms  28.246 ms
14  125.88.170.10 (125.88.170.10)  49.674 ms  49.867 ms  41.198 ms
15  14.29.88.90 (14.29.88.90)  28.133 ms  28.399 ms  28.301 ms
16  * * *
17  * * *
18  * * *
</pre></div>


<p><font color=#8B0000 face="黑体">Note: hop 9 is in Shanghai Telecom; by hop 12 the path is already in Guangzhou Telecom.</font></p>
<h3>2. Path to the blocked IP</h3>
<div class="highlight"><pre><span></span>[root@myos ~]# traceroute 15.94.213.134
traceroute to 15.94.213.134 (15.94.213.134), 30 hops max, 60 byte packets
 1  * * *
 2  11.209.216.177 (11.209.216.177)  2.489 ms 11.209.220.181 (11.209.220.181)  2.829 ms  2.670 ms
 3  11.220.170.89 (11.220.170.89)  9.010 ms 11.220.170.125 (11.220.170.125)  5.813 ms 11.220.170.221 (11.220.170.221)  9.140 ms
 4  11.220.159.26 (11.220.159.26)  1.338 ms 11.220.159.54 (11.220.159.54)  1.510 ms 11.220.159.58 (11.220.159.58)  2.747 ms
 5  116.251.106.157 (116.251.106.157)  2.852 ms 116.251.107.17 (116.251.107.17)  2.633 ms 116.251.107.13 (116.251.107.13)  2.997 ms
 6  140.205.50.237 (140.205.50.237)  2.988 ms 140.205.50.245 (140.205.50.245)  2.084 ms 42.120.241.41 (42.120.241.41)  2.703 ms
 7  180.163.38.85 (180.163.38.85)  105.373 ms * 180.163.38.25 (180.163.38.25)  104.232 ms
 8  * * *
 9  * 124.74.166.137 (124.74.166.137)  12.084 ms  11.678 ms
10  * * *
11  * * *
</pre></div>


<p><font color=#8B0000 face="黑体">Note: once the path reaches Shanghai Telecom at hop 9, there is nothing after it. Both tools agree on the same cut-off point, which is consistent with filtering inside the carrier's network rather than with the host being down: a dead host would still leave the Guangzhou hops answering.</font></p>
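<p>The comparison that the tracepath and traceroute sections above do by eye, as an added example that is not part of the original post: a small Python script that parses raw tracepath or traceroute output, finds the last hop that answered on each path, and reports the hop range within which the blocked path goes silent while the working path carries on. The embedded samples are copied from the outputs above (the working tracepath and the blocked traceroute, so that one parser is exercised on both formats); the function and variable names are this example's own.</p>

```python
import re

# Hop-number prefix of both tools: "12:" and "1?:" (tracepath), "12" (traceroute).
HOP_RE = re.compile(r"^\s*(\d+)\??:?\s+(.*)$")
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Samples copied from the outputs above: the working tracepath and the blocked traceroute.
GOOD_TRACEPATH = """\
 1?: [LOCALHOST]     pmtu 1500
 1:  no reply
 2:  11.209.216.181    1.379ms asymm  1
 3:  11.220.170.81     6.916ms asymm  2
 4:  11.220.159.26     1.409ms asymm  3
 5:  no reply
 6:  116.251.113.197   3.470ms asymm  5
 7:  180.163.38.81     7.363ms asymm  6
 8:  101.95.208.77     6.200ms asymm  7
 9:  101.95.207.241   10.361ms asymm  8
10:  no reply
11:  no reply
12:  113.96.4.66      28.649ms asymm 10
13:  183.60.112.54    57.804ms asymm 11
14:  113.108.218.206  35.668ms asymm 12
15:  14.29.88.90      29.401ms asymm 13
16:  no reply
17:  no reply
     Too many hops: pmtu 1500
"""
BAD_TRACEROUTE = """\
traceroute to 15.94.213.134 (15.94.213.134), 30 hops max, 60 byte packets
 1  * * *
 2  11.209.216.177 (11.209.216.177)  2.489 ms 11.209.220.181 (11.209.220.181)  2.829 ms  2.670 ms
 3  11.220.170.89 (11.220.170.89)  9.010 ms 11.220.170.125 (11.220.170.125)  5.813 ms 11.220.170.221 (11.220.170.221)  9.140 ms
 4  11.220.159.26 (11.220.159.26)  1.338 ms 11.220.159.54 (11.220.159.54)  1.510 ms 11.220.159.58 (11.220.159.58)  2.747 ms
 5  116.251.106.157 (116.251.106.157)  2.852 ms 116.251.107.17 (116.251.107.17)  2.633 ms 116.251.107.13 (116.251.107.13)  2.997 ms
 6  140.205.50.237 (140.205.50.237)  2.988 ms 140.205.50.245 (140.205.50.245)  2.084 ms 42.120.241.41 (42.120.241.41)  2.703 ms
 7  180.163.38.85 (180.163.38.85)  105.373 ms * 180.163.38.25 (180.163.38.25)  104.232 ms
 8  * * *
 9  * 124.74.166.137 (124.74.166.137)  12.084 ms  11.678 ms
10  * * *
11  * * *
"""


def parse_trace(text):
    """Map hop number -> list of router IPs that answered at that hop.

    Accepts raw tracepath or traceroute output. A hop printed as 'no reply'
    or '* * *' maps to an empty list; header, prompt and summary lines are skipped.
    """
    hops = {}
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m or "[LOCALHOST]" in m.group(2):
            continue
        answered = hops.setdefault(int(m.group(1)), [])
        for ip in IPV4_RE.findall(m.group(2)):
            if ip not in answered:          # traceroute prints each router as "ip (ip)"
                answered.append(ip)
    return hops


def last_responder(hops):
    """Highest hop number that returned at least one reply (0 if none did)."""
    return max((h for h, ips in hops.items() if ips), default=0)


def diagnose(good_output, bad_output):
    """Compare a trace to a known-good IP with a trace to the suspect IP.

    A few silent hops on their own prove nothing (the good path has them too);
    the signal is that the good path answers again further on while the bad
    path, although probed further, never does.
    """
    good, bad = parse_trace(good_output), parse_trace(bad_output)
    lg, lb = last_responder(good), last_responder(bad)
    probed_further = max(bad, default=0) > lb
    resumes_at = next((h for h in sorted(good) if h > lb and good[h]), None)
    if lb >= lg or not probed_further or resumes_at is None:
        verdict = "both paths reach the same depth: no evidence of a mid-path block"
    else:
        where = f"hop {lb} ({', '.join(bad[lb])})" if lb else "the first hop"
        verdict = (f"suspect path is silent after {where}; the working path answers "
                   f"again at hop {resumes_at} ({', '.join(good[resumes_at])}), so "
                   f"traffic is being dropped between hop {lb} and hop {resumes_at}")
    return {"last_good_hop": lg, "last_bad_hop": lb,
            "good_resumes_at": resumes_at, "verdict": verdict}


if __name__ == "__main__":
    print(diagnose(GOOD_TRACEPATH, BAD_TRACEROUTE)["verdict"])
```

<p>Running it on the two samples reports that the suspect path is silent after hop 9 (124.74.166.137) while the working path answers again at hop 12 (113.96.4.66), which is the same conclusion as the notes above. Feed it two traces of the same depth and it says so instead of inventing a block.</p>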
<h2>Summary</h2>
<p>This block hurt badly, because China Telecom subscribers make up the bulk of our users, so the lesson has to stick. Any domain that resolves to your server without your consent must get a 403, never content. In nginx this is a catch-all default server that answers every Host header no other server block claims:</p>
<div class="highlight"><pre><span></span>server {
    # catch-all: handles any Host header that matches no other server_name
    listen 80 default_server;
    server_name _;
    return 403;
}
</pre></div>


<p>This does not stop someone from pointing a domain at your address (you do not control their DNS), but it guarantees that a hostname you never configured gets an empty 403 instead of one of your sites. The original spelling "listen 80 default;" still works but is the deprecated form of default_server. If the server also listens on 443, give that port its own default_server block as well; otherwise nginx treats the first server block for that port as the default and an unknown hostname gets real content over HTTPS. Do not use a 5xx status for this.</p>
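<p>A way to verify the catch-all after deploying it, as an added example that is not part of the original post: probe() connects to the server by IP, sends a request with an arbitrary Host header (which is exactly what an unregistered domain pointed at your address looks like on the wire) and returns the status; check_default_vhost() runs it for your real server names and a few made-up ones and passes only if every unknown name gets 403 and no real one does. So that it runs offline, the block also includes a stub HTTP server that emulates the nginx behaviour described above; the stub, the hostnames in SERVED_HOSTS and UNKNOWN_HOSTS, and all function names are assumptions for this example, not anything from the page or from nginx.</p>

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Hostnames the server is meant to serve. Assumed for the example; use your own server_names.
SERVED_HOSTS = {"www.example.com", "example.com"}
# Names nobody configured: a catch-all block like the one above must answer these with 403.
UNKNOWN_HOSTS = ("unregistered.invalid", "203.0.113.10")


def probe(ip, port, host_header, path="/", timeout=5):
    """GET `path` from ip:port with an arbitrary Host header; return the HTTP status.

    Point this at the real server once the default_server block is live.
    """
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host_header})
        return conn.getresponse().status
    finally:
        conn.close()


def check_default_vhost(ip, port, served=SERVED_HOSTS, unknown=UNKNOWN_HOSTS):
    """Probe every served and unknown hostname; return (ok, {hostname: status}).

    ok is True only if every unknown name got 403 and no served name did.
    """
    statuses = {h: probe(ip, port, h) for h in (*served, *unknown)}
    ok = all(statuses[h] == 403 for h in unknown) and all(statuses[h] != 403 for h in served)
    return ok, statuses


class _StubHandler(BaseHTTPRequestHandler):
    """Stand-in for nginx with the catch-all block, so the check runs offline:
    200 for a configured Host, 403 with an empty body for anything else."""

    def do_GET(self):
        host = (self.headers.get("Host") or "").split(":", 1)[0].lower()  # drop any :port
        known = host in SERVED_HOSTS
        body = b"site content\n" if known else b""
        self.send_response(200 if known else 403)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):   # silence per-request logging
        pass


def start_stub_server():
    """Start the stub on a free localhost port; returns the server (call .shutdown() when done)."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), _StubHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


if __name__ == "__main__":
    srv = start_stub_server()
    ok, statuses = check_default_vhost("127.0.0.1", srv.server_address[1])
    print("default vhost OK" if ok else "default vhost MISCONFIGURED", statuses)
    srv.shutdown()
```

<p>Against a real deployment, replace the stub with your server's IP and port and call check_default_vhost() with your actual server_names; run it once for port 80 and once for 443 (an HTTPSConnection with the same Host trick), since each listen port has its own default.</p>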
            </div>
            <div class="post_list">
              <div><span>Tags : </span>
              </div>
            </div>
        </article>
    </section>
</article>

<!-- Footer -->
    <footer>
        <p> &copy;2017-2020&nbsp;<a href="http://www.miitbeian.gov.cn/" target="_blank">鄂ICP备17020200号</a>
          Blog powered by <a href="http://getpelican.com/">Pelican</a>
        </p>
    </footer>


</body>
</html>